2 letscode: I think your approach is not really good, what will be if user will want to change only email and password left as is, after save his password hash will be corrupted.
2 GoofyX: I'm not sure, but if you want to use mysql hashing function to hash password you will nedd to manually create sql for inserting. I think model can't help you with that. But I'm not sure…
@Goofyx: What is the problem you are facing? What is the generated SQL? Did you try directly executing the SQL? Also, your original code is subject to SQL injection attack because you are directly putting the password input into the raw SQL without any escaping.
OK, according to my code, SQL injection is a possibility, I will fix it, thanks for pointing that out. The problem I am facing is that if for example I print out the value of the CDbExpression object, I get a string. That is, after I save the model, the value in the password field of the db table is